1. Field of the Invention
The present invention relates to a security system for a transmission device to prevent a person not having permission from illegally accessing a network, and to find out an illegal operator as soon as possible.
2. Description of the Related Art
As information volume handled by recent networks is being increased, and network structures are being become complicated, influences caused by illegal operations have been increased year by year.
Additionally, as open networks have expanded, various kinds of routings are prepared for accessing the networks, and therefore, a possibility of illegal access to the network from non-authorized persons has increased. If the non-authorized persons access the network illegally, it should be difficult to specify any illegally accessed route.
Therefore, a high security system is required for transmission devices, which are structural elements of a network, to prevent from illegally accessing and prevent access-operations by the non-authorized persons.
To have such the security system, the following functions are provided in a conventional security system for a transmission device: first is to check the authorization of a user according to a user ID and a password when the user logs in the transmission device; second is to automatically release a status of log-in for the transmission device when a command is not input during a certain interval; and third is to set a level for an authorized-user at each command so as to give permission to only a user having the level more than specified one.
Consequently, easy logging-in a transmission device is inhibited, and the situation is avoided such that a log-in status where a command can be input is maintained for a long period. Further, there should be limitations in usable commands according to user-levels so that input operations are inhibited which exceed user""s authority.
However, since the conventional security system does not inhibit a user from inputting a command, itself, the user can try to input a log-in command, as varying a user ID or a password, respectively. Additionally, since it is difficult to specify a transmission device, to which an illegal operation of inputting a command is executed, a non-authorized person illegally operating can be barely found out before a failure occurs in the network.
Additionally, in the case where after a maintenance operator finishes maintenance operations for a transmission device, he forgets to release the log-in status and is apart from the device, for example, it becomes possible to input commands according to the user level of the maintenance operator until a certain period elapses.
Accordingly, this brings some problems such that log-in operations can succeed by some trials of inputting log-in commands, varying the user ID or password, and illegal operators can not be found out easily.
Alternatively, another problem occurs such that a non-authorized person can control a network illegally by connecting other terminals, after a maintenance operator finishes the maintenance operation. Further, user levels can be set for permission in each command. This means all user are specified and the permission is given to the all users.
Accordingly, it is an object of the present invention to provide a transmission device with a high security system level, by which the transmission device automatically executes specifying an illegally operated device to inhibit from the illegal operations, preventing a maintenance operator from forgetting to release a log-in status, and setting user levels for permission in each command according to a condition that a maintenance operator sets.
The above-described problems can be solved by the following features:
1) When a cable disconnection is detected at a port for a control terminal or port for a modem provided in a transmission device, or a communication disconnection between modems is detected at the port for the modem, the release of a log-in status, i.e., logs off, is performed where logging in operations are executed for the own device or the other device through respective ports;
2) When failing in inputting a log-in command to a transmission device is made more than specified times, a network address (NSAP) and a device ID of the transmission device, to which the log-in command is input, are reported to all maintenance operators logged in the transmission device;
3) When failings in inputting a log-in command to a transmission device are made more than specified times, a temporal communication status is established among all devices in a network, to which the transmission device is belonging, and a network address (NSAP) and a device ID of the transmission device, to which the log-in command is input are reported to the all devices in the network;
4) The transmission device, in which an illegal access is detected according to the failed log-in command detected by the above-described (2) and (3), informs the detection of illegal operations to a command sender, and the informed device locks an operating port and inhibits from inputting all commands;
5) When a command input from a control terminal linked to the own device specifies a device not existing in the network, or a command is input to a device where a log-in status is not established, the number of operations is counted by detecting error messages of the input commands, and the operating port is locked to inhibit from inputting all commands when the counted number of operations exceeds a prescribed number; and
6) When fulfilling a condition set by a maintenance operator, a transmission device automatically changes settings of user permission levels for command supported by the transmission device to a concurrently specified user level.
Further, other objects of the present invention will become clear by the following descriptions explaining embodiments according to the attached drawings.